I am trying to understand flash encryption (https://docs.espressif.com/projects/esp ... ption.html) and would like to get some help in regards to whether my thoughts make sense and can be achieved somehow.
What I'm trying to achieve:
- Make it impossible to read the encryption key via either JTAG or UART.
- Make it impossible / not helpful to read out the application binary via JTAG or UART. (I guess this can be achieved via (1) - if the key is unreadable, the encrypted binary is not helpful.)
- Allow unlimited updates using pre-encrypted images via JTAG or UART.
I figured that my requirements necessitate some hybrid form of "development" and "release" mode.
What I did so far is, create a key and flash it to block1.
Can or should I change R/W access bits for block1? Can or should I protect the block1 e-fuses?
Furthermore, I will need to set DISABLE_DL_DECRYPT according to the notice in the above link:
Will this disable serial updates using pre-encrypted images?"Leaving DISABLE_DL_DECRYPT unset (0) makes flash encryption useless."
Which e-fuses will I need to burn in order to achieve the stated goals?
Am I missing any significant security flaw here?
Which e-fuse protections are required or just useful?
Thanks in advance.
EDIT: After further reading, I've come to the conclusion that "Development" and "Release" mode are just configurations of
`DISABLE_DL_ENCRYPT`, `DISABLE_DL_DECRYPT`, `DISABLE_DL_CACHE` and a bunch of other e-fuses. Is my understanding correct?